Cloudflare empowers NCR to fight sophisticated payment fraud and protect customers across multiple industries

With a storied history of innovation, NCR has been at the forefront of retail systems for more than 100 years. From the earliest cash registers to today’s contactless checkout, NCR is a global leader in software for retail, hospitality, payments and banking. A customer-first focus and a strong foundation of information security have helped NCR earn the trust of its customers and their consumers.

Keep payment fraud at bay

Whether you are buying the perfect puffer jacket, picking up takeout from your favorite restaurant or buying crypto at an ATM, chances are NCR is behind your digital interaction.

“At NCR, our mission is to convert daily transactions into meaningful relationships with our customers,” says Alok Kumar, CISO, Retail & Payments at NCR.

But as the pandemic accelerated digital transformation of sectors such as banking, retail and restaurants, so has online fraud. As the threat of cyberattacks increases, NCR has continued to advance its digital protections that could otherwise chip away at customer confidence and result in higher costs for everyone.

Protect the digital experience

NCR relies on a portfolio of Cloudflare solutions to protect its retail, hospitality, payments and banking customers from online fraud and business disruption while providing a better consumer experience. With Cloudflare, NCR can help guard against brute-force attacks, malicious bots and DDoS attacks.

“Cloudflare was really attractive because it provides really sophisticated controls against attacks but does so in the cloud,” says Bob Varnadoe, CISO at NCR. “The security team isn’t responsible for managing infrastructure, so they are able to focus on doing higher value security work.”

Cloudflare Bot Management Service enables NCR to detect and block malicious bots at scale, helping to protect customers against automated attacks and lowering fraud chargebacks from payment card companies. “When we deployed Cloudflare, we were able to prevent 80 to 90 percent of brute-force attacks–and that was right out of the box.”

With Cloudflare SSL for SaaS, NCR can provide its banking, retail, payments and hospitality customers with a branded visitor experience while extending security and performance benefits. Cloudflare Web Application Firewall offers protection for NCR’s customers against expanding attack surfaces, including advanced malware, zero-day vulnerabilities and the growing risk of attacks on APIs.

Cloudflare helps NCR enhance software supply chain security, a dramatically growing risk. Cloudflare Page Shield gives NCR’s IT team visibility into third-party scripts and libraries running on applications to gain insight into malicious behavior and protect customer interactions from attacks that rely on compromised third-party software.

“Hackers are always trying to bypass protections and Cloudflare continues to step up,” said Kumar.

Growing service revenue

Foundational security defenses are built into NCR’s offerings. Customers at the highest risk of credit card tumbling, credential stuffing or other brute-force attacks can add on a premium security service that offers continuous protection.

Often overlooked, credit card tumbling attacks are a costly assault. In this scam, criminals create possible credit card and debit card numbers, along with the CVV, and test these fake numbers against legitimate websites. When hackers get a working number, they sell it to the highest bidder on the dark web. Repeated attempts drive up NCR’s penalty chargebacks from payment card issuers.

“If a customer gets impacted, we provide the initial brute-force protection at no charge for several weeks,” says Kumar. “After seeing the additional insights, customers can opt to continue on with the premium service.”

The service leverages Cloudflare Bot Management Service as well as Cloudflare Workers and Cloudflare Rules to run serverless code that stops the credit card tumbling attacks. Workers enables deployment of service workers with exceptional performance, reliability and scale, while Cloudflare Rules trigger action when an in-progress attack is detected.

Advanced workload and endpoint with innovative integrations

NCR leverages Cloudflare for greater resilience against advanced threats through innovative integration with NCR’s preferred endpoint and workload protection platform.

“NCR operates in a highly-regulated environment, and we have worked with Cloudflare to develop an innovative way to protect our servers at the highest levels while meeting industry compliance mandates,” says Kumar.

A trusted partnership

NCR invented the electronic cash register, the magnetic card stripe and self-checkout machines. The payments pioneer continues to be a technology leader, protecting its customers from escalating cybersecurity risk and a loss of consumer confidence in today’s digital world.

“Cloudflare was probably one of the easiest decisions we’ve ever made,” said Varnadoe. “Cloudflare has created a lot of value very quickly for our organization.”

Key Results
  • Protect retail, hospitality, payments and banking customers from bad bots, fraudulent transactions and business disruption

  • Increase operational efficiency by reducing payment card chargebacks and squandered IT resources

  • Grow recurring revenue with premium security services for high-risk customers

Cloudflare was probably one of the easiest decisions we’ve ever made. Cloudflare has created a lot of value very quickly for our organization.

Bob Varnadoe

When we deployed Cloudflare, we were able to prevent 80 to 90 percent of the brute-force attacks–and that was right out of the box.

Alok Kumar
CISO, Retail & Payments